<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Setup-passwords command fails due to connection failure | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'trb-security-setup.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/trb-security-setup.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/trb-security-setup.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/trb-security-setup.html" rel="nofollow" target="_blank">../en/trb-security-setup.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="security-troubleshooting.html">Troubleshooting security</a></span>
»
<span class="breadcrumb-node">Setup-passwords command fails due to connection failure</span>
</div>
<div class="navheader">
<span class="prev">
<a href="trb-security-internalserver.html">« Internal Server Error in Kibana</a>
</span>
<span class="next">
<a href="trb-security-path.html">Failures due to relocation of the configuration files »</a>
</span>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="trb-security-setup"></a>Setup-passwords command fails due to connection failure<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/troubleshooting.asciidoc">edit</a>
</h2>
</div></div></div>
<p>The <a href="setup-passwords.html" class="ulink" target="_top">elasticsearch-setup-passwords command</a> sets
passwords for the built-in users by sending user management API requests. If
your cluster uses SSL/TLS for the HTTP (REST) interface, the command attempts to
establish a connection with the HTTPS protocol. If the connection attempt fails,
the command fails.</p>
<p><span class="strong strong"><strong>Symptoms:</strong></span></p>
<div class="olist orderedlist">
<ol class="orderedlist">
<li class="listitem">
<p>Elasticsearch is running HTTPS, but the command fails to detect it and returns the
following errors:</p>
<div class="pre_wrapper lang-shell">
<pre class="programlisting prettyprint lang-shell">Cannot connect to elasticsearch node.
java.net.SocketException: Unexpected end of file from server
...
ERROR: Failed to connect to elasticsearch at
http://127.0.0.1:9200/_security/_authenticate?pretty.
Is the URL correct and elasticsearch running?</pre>
</div>
</li>
<li class="listitem">
<p>SSL/TLS is configured, but trust cannot be established. The command returns
the following errors:</p>
<div class="pre_wrapper lang-shell">
<pre class="programlisting prettyprint lang-shell">SSL connection to
https://127.0.0.1:9200/_security/_authenticate?pretty
failed: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Please check the elasticsearch SSL settings under
xpack.security.http.ssl.
...
ERROR: Failed to establish SSL connection to elasticsearch at
https://127.0.0.1:9200/_security/_authenticate?pretty.</pre>
</div>
</li>
<li class="listitem">
<p>The command fails because hostname verification fails, which results in the
following errors:</p>
<div class="pre_wrapper lang-shell">
<pre class="programlisting prettyprint lang-shell">SSL connection to
https://idp.localhost.test:9200/_security/_authenticate?pretty
failed: java.security.cert.CertificateException:
No subject alternative DNS name matching
elasticsearch.example.com found.
Please check the elasticsearch SSL settings under
xpack.security.http.ssl.
...
ERROR: Failed to establish SSL connection to elasticsearch at
https://elasticsearch.example.com:9200/_security/_authenticate?pretty.</pre>
</div>
</li>
</ol>
</div>
<p><span class="strong strong"><strong>Resolution:</strong></span></p>
<div class="olist orderedlist">
<ol class="orderedlist">
<li class="listitem">
If your cluster uses TLS/SSL for the HTTP interface but the
<code class="literal">elasticsearch-setup-passwords</code> command attempts to establish a non-secure
connection, use the <code class="literal">--url</code> command option to explicitly specify an HTTPS URL.
Alternatively, set the <code class="literal">xpack.security.http.ssl.enabled</code> setting to <code class="literal">true</code>.
</li>
<li class="listitem">
If the command does not trust the Elasticsearch server, verify that you configured the
<code class="literal">xpack.security.http.ssl.certificate_authorities</code> setting or the
<code class="literal">xpack.security.http.ssl.truststore.path</code> setting.
</li>
<li class="listitem">
If hostname verification fails, you can disable this verification by setting
<code class="literal">xpack.security.http.ssl.verification_mode</code> to <code class="literal">certificate</code>.
</li>
</ol>
</div>
<p>For more information about these settings, see
<a href="security-settings.html" class="ulink" target="_top">Security Settings in Elasticsearch</a>.</p>
</div>
<div class="navfooter">
<span class="prev">
<a href="trb-security-internalserver.html">« Internal Server Error in Kibana</a>
</span>
<span class="next">
<a href="trb-security-path.html">Failures due to relocation of the configuration files »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>